azure-containerregistry-py
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- Official SDK Integration: The skill utilizes the azure-containerregistry and azure-identity libraries, which are the official packages maintained by Microsoft for Azure service interactions.
- Secure Authentication Patterns: It correctly recommends and demonstrates the use of DefaultAzureCredential, leveraging identity-based authentication (Entra ID) rather than hardcoded secrets or access keys.
- Standard Administrative Operations: The repository and manifest operations, including deletion and property updates, are standard administrative functions necessary for container registry management and image lifecycle maintenance.
- Environment-Driven Configuration: Registry endpoints are managed through environment variables (AZURE_CONTAINERREGISTRY_ENDPOINT), which is a secure practice that avoids hardcoding infrastructure details in code.
- Proper Resource Handling: The download functionality uses chunked streaming for blobs, ensuring efficient memory usage when handling container layers.
- Cleanup and Maintenance Logic: The provided cleanup script uses standard SDK methods to identify and remove untagged images, assisting in registry cost and clutter management without utilizing dangerous or unconventional patterns.
Audit Metadata